Billions of devices impacted by new Bluetooth attack

Once attackers penetrate a device using BlueBorne, they can take full control of it and spread malware laterally to adjacent devices that have Bluetooth enabled.

"We found the BlueBorne vulnerabilities somewhat by accident while we were doing research on wireless security," Izrael said. And devices running Bluetooth turn out to be fairly easy to identify with network sniffing tools, even when set to be non-discoverable.

The researchers rated three of the flaws they found as critical because they allowed attackers to take over devices, conduct man-in-the-middle attacks or intercept communications over Bluetooth.

Other attacks would allow attackers to remotely execute malicious code on the device, which could be used to hijack or corrupt a Bluetooth-enabled device. The vulnerabilities found in Wi-Fi chips affect only the peripherals of the device, and require another step to take control of the device. Bluetooth itself limits the bug even further: BlueBorne can only target devices within range of the hackers, and only devices with Bluetooth turned on.

Armis, which has a commercial stake in the IoT security space, warned that the attack vector can be exploited silently. For example, a delivery person dropping a package at a bank could carry weaponized code on a Bluetooth-enabled device. BlueBorne is highly infectious as it spreads further via the victim devices. The researchers reported the vulnerabilities to Google, Microsoft, and Apple in April and to Linux maintainers in August. Armis added that over 180 million Android devices will never see this patch since they are no longer supported.

According to Armis Labs, BlueBorne not only affects billions of smartphones, desktops, sound systems, and medical devices, but it requires no action from users. These new vulnerabilities are at the implementation level, bypassing the various authentication mechanisms, and enabling a complete takeover of the target device. The iOS flaw does not have identifiers at the moment.

All Android phones, tablets, and wearables, apart from those using only Bluetooth Low Energy, are potentially vulnerable to the four Android flaws.

"In theory, to be safe on these devices, Bluetooth needs to be disabled until a patch is applied", said Mark James, an expert at cybersecurity firm ESET. Microsoft released an update today to all Windows versions that closes the vulnerability, with details listed here. Microsoft said Windows phones are not impacted by BlueBorne. Izrael said he expects Linux maintainers to release a fix soon.

Linux devices running BlueZ are affected by the information leak flaw and those from version 3.3-rc1, released in October 2011, are affected by the remote code execution flaw. Samsung's Tizen OS, based on Linux, is also affected. BlueBorne was patched in iOS 10. ZDNet's own testing, using Armis' app to check local and nearby Android devices for the vulnerabilities, shows several BlackBerry phones are at risk, as well as other Android devices.

Apple fixed the vulnerability for its devices with an update to iOS 10, which 89 percent of all iOS device users have updated to.

A technical report on the BlueBorne flaws is available here.

Devices with Bluetooth enabled are constantly searching for other Bluetooth devices, which can allow an attacker to use the BlueBorne vulnerability to connect to them without having to pair with them.

Seri added that in his view over the last decade the research community has not spent a lot of time looking at Bluetooth flaws.
